PHP :: Bug #45762 :: Strange eval() behaviour

Bug #45762	Strange eval() behaviour
Submitted:	2008-08-08 12:59 UTC	Modified:	2008-08-08 14:20 UTC
From:	marcus dot mueller at grintsch dot com	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	5.2.6	OS:	Linux 2.6.25-2-amd64 #1 SMP
Private report:	No	CVE-ID:	None

View Developer Edit

[2008-08-08 12:59 UTC] marcus dot mueller at grintsch dot com

Description:
------------
I'm not quite sure this is a bug, so if it isn't please excuse my ignorance.

Running the script below on a produces a "PHP Parse error:  memory exhausted".

Lowering 9994 to 9993 doesn't expose this behaviour and produces the expected result (well, "boolean false" oc).

From the PHP manual: "PHP imposes no boundary on the size of a string; the only limit is the available memory of the computer on which PHP is running".

The box I'm running this on has 4GB.

Reproduce code:
---------------
<?php
for($foo='',$i=0;$i<9994;$i++) {
	$foo.='1+';
}
eval('$foo='.$foo.' 1;var_dump($foo);');

for($foo='',$i=0;$i<9994;$i++) {
	$foo.='!';
}
eval('$foo='.$foo.' 1;var_dump($foo);');
?>

Expected result:
----------------
int 9995

boolean true


Actual result:
--------------
int(9995)
Parse error: memory exhausted in not.php(10) : eval()'d code on line 1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-08-08 13:09 UTC] scottmac@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

You have a parse error in your second block of code.
eval('$foo='.$foo.' 1;var_dump($foo);');

Essentially you have
$foo = 9994!!!!! 1; var_dump($foo);

[2008-08-08 13:22 UTC] marcus dot mueller at grintsch dot com

Thank you for your quick reply.

> You have a parse error in your second block of code.
> eval('$foo='.$foo.' 1;var_dump($foo);');
> 
> Essentially you have
> $foo = 9994!!!!! 1; var_dump($foo);

I beg to differ. Please look again.

There is no parse error in the second block.

$foo contains 9994 times the "!" followed by "1".

Please check again with the following code.

<?php
for($foo='',$i=0;$i<9994;$i++) {
  $foo.='!';
}
echo strlen($foo)."<br/>\n";
$bar = '$foo='.$foo.' 1;var_dump($foo);';
echo $bar."<br/>\n";
eval($bar);
?>

And as I mentioned before the example runs absolutely fine (no parse rror, no memory exhausted error) when lowering 9994 to 9993.

[2008-08-08 14:10 UTC] lbarnaud@php.net

The parser currently has a stack size limit of 10000.

AFAIK this means that the parser cannot handle more than this number of tokens in the same expression.

If you need more you can change that by defining YYMAXDEPTH to a larger number in zend_language_parser.y.

It is not eval() specific.

[2008-08-08 14:20 UTC] marcus dot mueller at grintsch dot com

Thanks a lot for your response. I can see clearer now...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jul 30 19:00:02 2025 UTC